ISO 9000: An Aerospace Engineer’s Handbook for Implementing the International Standards for a Quality System Roy M. Chiulli ‘The Aerospace Press 2350 B. El Segundo Boulevard EI Segundo, California 90245-4691 American Institute of Aeronautics and Astronautics, Inc. 1801 Alexander Bell Drive Reston, Virginia 20191-4344 ISBN 1-1-884989-10-1 Copyright © 2001 by The Acrospace Corporation All rights reserved Printed in the United States of America. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publishers. Permission should be sought from the American Institute of Aeronautics and Astronautics, Inc. Data and information appearing in this book are for informational purposes only. The publishers and the authors are not responsible for any injury or damage resulting from use or reliance, nor do the publishers or the authors warrant that use or reliance will be free from privately owned rights.EableSiicesscesscoees Preface 1, Introduction. ... eee eee eee 1.1. Fundamentals of ISO 9000 . 1 1 Cieipeesi aks 150 9000 Se woe 2 1.3. 1SO Facts ...... se coe 83 1.4. Philosophy of ISO 9000 . - . 3 2. Understanding the ISO 9000 Series...... 2.1. Genesis of ISO 9000... 5 2.2. Quality Systems Terminology .. ce ved 2.3. Intemational Organization for Standardization Terminology 6 6 8 8 2.4. Why Implement ISO 9000? 2.5. Scope of ISO 9001 Requirements Documents... 2.6. Other ISO 9000 Guideline Documents. 2.7. National Versions of ISO 9000......0..0000 000 e cece eed 2.8. Concerns About the ISO 9000 Series. .... 10 2.9. Intemational Organization for Standardization Response to Concems oo 10 3.180 9001 Registration. 00.22... .000sceceeseeeeeeeeeeeeees 3.1. Introduction. 3.2, Caveats . 333.180 9001 Registration Process... 3.4. Benefits, Cost, and Schedule for ISO 9001 Registration... ce 3.5. The Malcolm Baldrige National Quality Award vs. ISO 9001 Reyistration 7 4. The Future of ISO 9000. . 4.1, Acceptance of ISO 9000. 4.2. The Future of Quality Audits ..... 5. Overview of ISO 9001 Requirements. .. seeeeeeeeeee eee DL 5.1, Management responsibility. . 21 5.2. Quality system 21 5.3. Contract revie Fe 2 5.4. Design control... . 2 5.5. Document and control data. 2B 5.6. Purchasing. .... 2B 5.7. Contol of customer-supplied product . - 24 5.8, Product identification and traceability 24. 5.9. Process control . woes . . 24 5.10, Inspection and testing... 25 5.11. Control of inspection, measuring, and test equipment... . 225 5.12. Inspection and test status . 6 5.13. Control of nonconforming product. 26 5.14, Corrective and preventive action - 26 5:15. Handling, storage, packaging, preservation, and delivery 7 5.16, Control of quality records. ...... 7 5.17. Internal quality audits... 27 5.18. Training . . / coe 28 S19. Servicing... 28 5.20. Statistical techniques a oe cece 28Contents 5.21. Customer satisfaction . 29 5.22. Continuous improvement ......... . 29 Appendixes... fixe TD SGeIintnenes co aerecereee A. ISO 9001 and MIL-Q-9858A Standards: Comparison... . B. ISO 9001:1994 and ISO 9001:2000: Comparison . C, Text of MIL-Q-9858A. coe Bibliography Index... About the Author.....Tables 1.1. Applicability of the ISO 9000 Series... 2.1, Sample ISO 9000 Required Documentation ... 2.2. Samples of ISO 9001 Required Records ee 2.3. Other ISO Guideline Documents. ue 9 2.4, National Versions of ISO 9000... .. 3.1, Requirements for ISO 9001 Registration - 3.2. Overview of the ISO 9001 Registration Process... 3.3. Overview of ISO 9001 Registration Benefits, Cost, and Schedule... ALL. Objectives ....... CoS DuSbBA5 seer ‘A. Primary Characteristics. A3. Overall Standards... AA. Scope... ? AS. Management Responsibility. A.6, Quality System. ... A.7. Contract Review . A.8. Design Control. . A.9. Document and Data Control ..... ‘A.10. Purchasing A.11, Control of Customer-Supplied Product. A.12. Product Identification and Traceability A.13. Process Control A.14, Inspection and Testing. 15, Control of Inspection, Measuring, and Test Equipment . A.16. Inspection and Test Status . he A.17. Control of Nonconforming Product... A.18, Corrective and Preventive Action ..... . A.19. Handling, Storage, Packaging, Preservation, and Delivery 35 20. Control of Quality Records .... - 38 A21. Intemal Quality Audits coe . - 36 A22. Training. cs / ee - 36 A23. Servicing... . 36 A.24. Statistical Techniques . . 36 25. Customer Satisfaction ........ . 36 A.26. Continuous Improvement . oi 36 B. Comparison of Requirements for ISO 9001:1994 and 180 9001:2000 2371. Introduction ‘The ISO 9000 Series, issued in 1987 by the Intemational Organization for Standardization (ISO), is a set of inter- national standards on quality and quality management. The standards are generic and not specific to any partic- ular product. They were adopted by the American Society for Quality Control (ASQC), now American Society for Quality, and issued in the United States as the ANSV/ASQC Q90 Series (revised in 1994 as the ANSI/ ASQC Q9000 Series). ISO 9000:2000 is the most recent revision of the standards. 1.1. Fundamentals of ISO 9000 ISO 9000 represents an evolution of traditional quality systems rather than a technical change. Whereas tradi- tional quality systems rely on inspection of products to censure quality, the ISO 9000-compliant quality system relies on the control and continuous improvement of the processes used to design, produce, inspect, install, and service products. In short, ISO 9000 represents a sys- ‘temic tool for bringing quality processes under control. ‘Once processes are controlled, they can be continuously improved, resulting in higher-quality products. ISO 9000 represents a significant step beyond ensuring that specific products or services meet specifications or industry standards. It certifies that a facility has imple- mented a quality system capable of consistently produe- ing quality products. That is, ISO 9000 does not certify the quality of products; it certifies the processes used to develop them. Thus ISO 9000 is a process-oriented rather than a results- oriented standard. It affects every function, process, and employee at a facility, and it stresses management com- mitment to quality. But above all, itis customer-focused: I strives to meet or exceed customer expectations. 1S 9000 is not a prescriptive standard for quality. The requirements section (ISO 9001), which covers all aspects of design, development, production, test, train- ing, and service, is less than 10 pages long. For example, when addressing the product design process, ISO 9000 focuses on design inputs, outputs, changes, and verifica- tion, Itis not meant to inhibit creative thinking. 1SO 9000 is a system quality standard that provides requirements and guidance on all aspects of a company’s procedures, organization, and personnel that affect qual- ‘ty—from product inception through delivery to the cus- tomer. It also provides significant requirements and ‘guidance on the quality of the output delivered to the cus- tomer. Pertinent questions are: What benefits will the proposed changes to the procedures, organization, and personnel provide to the customer? Will the proposed changes help to continuously improve product delivery schedules and product quality and reduce the amount of variance in product output? ISO 9000 does not require inspection to verify quality, nor is itthe preferred method. ISO requires that the out- put be verified according to documented process-control procedures. ISO 9000 does not mandate that specific sta- tistical processes be used; it requires the user to imple- ‘ment appropriate statistical processes. ISO 9000 ‘mandates product-control_methods such as inspection only when process-control methods are neither practical nor feasible. ISO 9000 does not provide industry-specific perfor- mance requirements. It provides a quality model that can >be applied to virtually every industry procurement situa- tion and is being used worldwide for commercial and, recently, government procurements. Many suppliers already have a quality system in place, be it simple or elaborate. ISO 9000 does not require a supplier to add new or redundant requirements to an existing quality system. Rather, it requires that the sup- plier specify a basic, common-sense, minimal quality system that will meet the quality needs of the customer. Thus, many suppliers find that their operative quality system already meets some or all of the ISO 9000 requirements. They only need to show that their existing procedures correspond to the relevant sections of ISO 9000. ISO 9000 provides suppliers with the flexibility of designing a quality system for their particular type of business, market environment, and strategic objectives It is expected that management, aided by experienced internal quality personnel and, if necessary, external ISO consultants, will determine the exact set of supplier qual- ity requirements. To ensure the overall success of the quality program, however, the specific work procedures should be created by those actually doing the work rather than by management or ISO consultants. Although an ‘organization's documentation of work procedures may be ISO 9000 compliant, if employees do not follow the procedures, the organization may not attain ISO 9000 certification. Drawing upon employee expertise and keeping employees involved in the process when improving and controlling procedures are critical w attaining ISO 9000 compliance. Developing a quality system is not asprint, but ajoumey. and because processes are continuously being improved, it is a journey without an end. ISO 9000 does not man: {ate the use of short-term motivational techniques to fos- ter employee enthusiasm for a supplicr’s quality system1. Introduction program. Attempting to motivate employees by promis- ing lower overhead or greater market share is not likely to be successful. Instead, itis recommended that employ- ces be educated on how ISO 9000 standards will help them perform their jobs better and faster. 1SO 9000 emphasizes that for any quality system to be successful, top-management commitment and active involvement are essential. Management is responsible for defining and communicating the corporate quality policy. It must define the roles and responsibilities of individuals responsible for quality and ensure that employees have the proper background for their jobs and are adequately trained. Management must periodically review the effectiveness of the quality system. It should not back the effort to comply with ISO 9000 during its inception and then back down when the scope and cost of the effort is fully realized. When employees sense that ‘management commitment has diminished, their own commitment slackens. Employees typically want out of a costly project not backed by management. ISO 9000 does require that an organization have docu- mented and implemented quality procedures that ensure personnel understand the quality system, that manage ‘ment maintain control of the system, and that internal and external audits be performed to verify the system's performance. Because ISO 9000 affects the entire orga- nization, all employees should be given at least basic instruction in the ISO 9000 process and its specific implementation at their facility. Training should empha- size goals, benefits, and the specific responsibilities and feedback required of each employee. ISO 9000 uses cus- tomer satisfaction as its benchmark. But the “customers” ‘of ISO 9000-compliant processes include not only the ‘obvious end-users of the product, but also an organiza- tion’s product designers, manufacturers, inspectors, deliverers, and sales force. Improving the processes that produce a quality product can provide an additional benefit: When the processes are well-defined and constant and when employees are ‘well trained to perform these processes, employee safety typically improves significantly. Also, during the course of improving its processes, a company often finds after close inspection that many of its processes and proce- dures are ineffectual and can be eliminated. Thus, while 1SO 9000 requires preparation and maintenance of a for- midable set of documents and records, the total paper- work of a company implementing ISO 9000 may decrease significantly in the long run. Other benefits of ISO 9000 compliance are a decrease in product defects and customer complaints and increased manufacturing yields. A final but very important by-product of imple- menting ISO 9000 is a heightened sense of mission at a company and an increased level of cooperation between departments. ISO 9000 is not product-quality oriented. It does not pro- vvide criteria for separating acceptable output from defec- tive output. Instead, it is a strategy for continuous improvement where employees meet and exceed cus- tomer quality requirements and, in doing so, continu- ously improve the quality of the product. 1SO 9000 recognizes that when a customer is looking at a specific part of a product (e.., car, stereo system), he is often looking at an item (e.g., engine, stereo cabinet) provided by a subcontractor. Hence, ISO 9000 requires that a company verify that its subcontractors are provid- ing quality items. Today, organizations with excellent quality systems often partner with their subcontractors. ISO 9000 provides an excellent framework for such a relationship, with subcontractors providing the raw ‘materials and components of the final product. ‘The ISO 9000 family is a set of “quality system manage ment” standards, the first in a set of evolving manage- ment system standards. Standards for environmental management are in place; standards for occupational safety, health management, and energy management will soon follow. These new standards will affect the space and aircraft industries just as they affect other industries. In summary, ISO 9000 compliance provides customers with the assurance that approved raw materials for a product have been purchased and that the product has been manufactured according to the correct specifica- tions, assembled by trained employees, properly inspected and tested, adequately packaged for preserva- tion, and transported in a manner that prevents damage to iten route. Overall, ISO 9000 compliance helps generate ‘quality awareness among a company’s employees, an improved competitive position for the company, an enhanced customer quality image, and increased market share and profits. 1.2. Components of the ISO 9000 Series ‘The ISO 9000 Series includes three standards: + 1SO 9000:2000 Quality Management Systems — Fundamentals and Vocabulary + ISO 9001:2000 Quality Management Systems— Requirements + ISO 9004:2000 Quality Management Systems Guidelines for Performance Improvement Table 1.1 provides the general applicability of ISO 9000. Note: ISO 9002:1994 and ISO 9003:1994 were discon: tinued in the ISO 9000:2000 family of standards. Orga- nizations that do not have design or manufacturing41. Introduction ‘Table 1.1. Applicability of the ISO 9000 Series Standard Applicability 1S0 9000:2000 General guidelines for Quality Management choosing the appropriate ‘Systems— quality system. Includes Fundamentals and guidelines on how to apply the Vocabulary standard. 1S0 9001:2000 Used forall ISO 9001 Quality Management certification audits. Systems— ‘Only this document specifies Requirements ‘mandatory requirements. 180 9004:2000 Guidelines for improving the Quality Management quality system beyond ISO Systems—Guidelines 9001. for Performance Improvement responsibilities (and were previously certified using ISO 9002:1994) will now have to use ISO 9001:2000 for cer- tification. These organizations are allowed to exclude design and manufacturing requirements in ISO 9001:2000 based on the rules for exception given in Clause 1.2, Permissible Exclusions 1.3. ISO Facts ‘The Intemational Organization for Standardization (ISO), founded in 1946, is a global federation of national standards organizations that includes some 130 member nations: + ISO is based in Geneva, Switvertand. + ISO's mission is to develop standards that facilitate trade across intemational borders. + In 1979, the Technical Committee 176 (ISO/TC 176) ‘was established to create intemational standards for ‘quality assurance, + Representatives from the United States and many other countries served on the committees responsible for developing ISO 9000. + Early in the 1990s, the chair of the consortium was a US. citizen from American Telephone & Telegraph (AT&T). + The US. standards organization within ISO is the ‘American National Standards Institute (ANSI). + The American Society for Quality (ASQ) has pub- lished a U.S. version of the ISO 9000 standards under the name Q9000. + ISO serves only as a disseminator of information on system quality, + ISO 9000 certificates are not issued on behalf of ISO. + ISO does not monitor the activities of ISO 9000 ac- creditation bodies. Monitoring is done by accredit boards within member nations. 4.4. Philosophy of ISO 9000 1SO 9000 places the responsibility for the establishment, performance, and maintenance of a quality system directly with a company’s top management: + ISO requires the top management to define a quality policy, provide adequate resources for its implementa- tion, and verify its performance. + Top management must demonstrate how its employ- ces acquire and maintain awareness of its quality policy. ‘The ISO 9000 process strives for generic applicability: + No specific methods, statistical processes, or tech. niques are mandated. + Emphasis is on the overall objective of meeting cus- tomer expectations regarding the output of the system quality process. + ISO has said that it will never issue industry (product specific) quality guidetines. 180 9000 strives to achieve a quality system by employ- ing the following practices for continuous improvement: Prevention rather than detection by inspection + Comprehensive review of critical process points + Ongoing communication between the facility, its sup pliers, and its customers + Documentation of processes and quality outcomes + Management commitment at the highest levels 10 9000 provides a clear definition of the management style required to achieve a “world-class” quality system: + Formal organization that delineates responsibilities + Documented, authorized, and enforced procedures for all key activities + Full set of archived but periodically analyzed quality ‘outcome records + Set of periodic reviews to track system quality perfor- mance and plan and implement corrective actions + Philosophy of regulating, but not eliminating, individ ual initiative in achieving system quality 1SO 9000 provides a facility with a formal management style leading to system quality. The measure of success in implementing system quality is determined by well- organized, well-planned, and well-executed periodic intemal and external audits of the processes and quality ‘outcomes of the facility. ‘The majority of ISO member nations will not mandate the adoption of the ISO 9000 standards in the foreseeable fature. To date, only Australia mandates adoption of the standards. How well the ISO standards facilitate rade in the inter- national marketplace will determine how widespread their use becomes,2. Understanding the ISO 9000 Series 2.1. Genesis of ISO 9000 Misconceptions about ISO 9000 are that it's a European standard and that it’s new. ISO 9000 is a global standard Published by an international federation headquartered in Geneva, Switzerland. It has been adopted by nearly 130 nations with very diverse economies (e.g., China, Australia, Mexico, and Japan). ISO 9000 standards are based on long-standing U.S. Department of Defense ‘quality standards first published in the 1950s: + MIL-Q.9858 was frst published in April 1959 and up- dated to MIL-Q-9858A in December 1963 + MIL-Q-9858A was adopted by the British Standards Institute and expanded in 1979 into the British Stan- dard BS 5750 quality system standards. + The International Organization for Standardization Technical Committee 176 (ISO/TC 176) modified the British Standards BS $750 code and issued the first 1SO 9000 standards in 1987. * The first major revision to the ISO 9000 standards was issued in 1994, * The second major revision to the ISO 9000 standards was issued in 2000. In the Information Age, the world is fast becoming a “global village.” To survive, companies must be viable jin the international marketplace. Global trends are ‘expanding far beyond territorial boundaries, government, regulations, and cultural taboos. These trends have ‘become commonplace in the international market: + Even small companies have subsidiaries and other ‘competitors in foreign countries. * Defense facilities are evolving into dual-use (defense and commercial) facilities. + Commercial rather than military quality standards are ‘gaining worldwide acceptance for procurements. + Non-value-added requirements are being removed from product specifications + Cost reduction is paramount. + Customers are demanding quality Jn the area of system quality, a confusing array of quality standards has traditionally been in international use, Depending on the type of product and contract, one of the following quality standards may have been invoked: + Commercial + Military + National + Multinational + Guideline + Compliance + Adhoc During the 1980s and 1990s, customers in the interna tional marketplace increasingly demanded quality in manufacturing. A need developed for consistent intema- tional quality standards written for facilities, suppliers, and customers in common, easily understood terminol- cay. ISO 9000 was published in 1987 to address the need for consistency. A companion document, ISO 8402, was Published to provide common international terminology. 1SO 9000 is meeting the need for international standard- ization of quality standards. It has been well received by the intemational community and is quickly replacing national and industry-specific standards. For example, the European Common Market adopted the IS0 9000 standards for its member nations as the minimum ‘requirement for system quality and audits of compliance by accredited independent third parties. European manu. facturers had wrestled with compliance with a dozen or more different national quality standards, which discour- aged trade outside of each country and precluded inter- national competition. Adoption of ISO 9000 has provided European manufacturers with barrier-free access to a European market of more than 350 million customers and more than $4 trillion in value. Because ISO 9000 is a comprehensive set of universally recognized system quality standards, companies around the globe who adhere to the standards carn instant credi- bility for their ability to consistently deliver high-quality Products. Adherence to the standards often results in a competitive advantage. It also provides a basis for third: Party quality auditing. The accreditation of a supplier's ‘quality system by an independent third party means facil- ities do not have to conduct their own audits of suppliers. The goals of ISO 9000 are as follows: + Meet or exceed customer requirements. + Establish quality procedures. + Control the procedures. + Document quality outcomes. + Improve the quality system continuously. 2.2. Quality Systems Terminology Documentation: Description of existing quality system, Records: Results of implementing the quality system. Process: Methodology for performing work. A process includes the inputs to the work, the expected output of the work, and the specific actions that must be followed ‘to complete the work. A process typically spans several ‘organizations and contains several procedures.2. Understanding the ISO 9000 Series Procedure: The specific actions performed during a pro- ess. A procedure is typically limited to a single organi- zation. Quality: Sum of the characteristics that affect a system’s ability to meet customer requirements. Elements of sys- ‘em quality (determined by its customers) may include + Conformity + Reliability + Maintainability + Availability + Interchangeability + Safety A less formal definition of quality is exceeding customer requirements while maintaining growth and profits. Total quality management: Brings quality manage- ‘ment to the strategic level of a company and involves the atticipation of all company members. Quality system: The organization, responsibilities, pro- ‘cedures, processes, and resources required for the imple- mentation of total quality management, The quality system is the unifying force of all functions, processes, and employees of a facility and its suppliers (input) and ‘customers (output). Quality assurance: Activities that instill confidence that the output of the process is meeting quality requirements. Quality control: Operational methodology (e.g., moni- toring, reduction of variance) designed to meet the spe- cific quality requirements. Quality audit: A comprehensive and systematic review of the quality-control processes of a facility to determine whether the processes are likely to meet system quality objectives. An internal quality audit is performed by individuals with no direct responsibility for the process being audited. These audits should be fact-finding rather ‘han fault-finding in nature and should focus on improv. ing the quality system in preparation for an external audit. An external quality audit is performed by an inde- pendent third-party team. Corrective action: Action taken to eliminate the cause of a nonconformity so it doesn’t happen again. This is a reactive response. Preventive action: Action taken to eliminate the cause ‘ofa potential (future) nonconformity. This is a proactive measure. 1SO 8402, “Intemational Standard Quality Vocabulary,” provides additional definitions of terms used throughout the ISO 9000 series of standards. 2.3. International Organization for Standardization Terminology ISO/TC 176 has issued separate definitions of the terms Product and service. However, ISO 9001 is the require- ments document used for certification of both product and service organizations. Product * Consequence of activities or processes, either tangible or intangible, or a combination of the two. * Four product categories have been defined; a product ‘may be any combination of the four categories: ~ Hardware: manufactured parts, components, and assemblies ~ Software: typically, computer software, informa- tion, data, and records ~ Processed materials: raw materials typically de. livered in drums, tanks, pipelines, etc. Services: these are typically telephony, banking, and transportation Service * Consequence of activities between the customer and the seller and of the seller’s internal activities for mect- ing customer needs. * The customer or the seller may refer to cither person ‘nel or equipment. * Customer activities may be required for delivery of the service. * Service may include the manufacture, supply, deliv ery, oF use of products. A seller's offering to a customer may include character istics of both a product anda service. For example, phone companies offer products (c.g., the delivery of phone messages) together with customer services (e.g., emer ‘gency 911 services). 1SO 9000:2000 refers to the company implementing the 1SO 9000 standards as an organization (referred to as supplier by ISO 9000: 1994). Also, ISO 9000:2000 refers ‘o subcontractors as suppliers. 150 9000:2000 has made subtle changes in its vocabu- lary (€-g., inspection and test is now called product verification) to expand beyond manufacturing compa- nies and include service organizations. 2.4. Why Implement ISO 90007 Significant benefits accompany ISO 9000 compliance However, the road to compliance is not always smooth and direct. Management commitment to allocating the required budget and employee enthusiasm for designing and implementing improvements to the quality processes are essential,2. Understanding the ISO 9000 Series 1SO 9000 compliance does not mean radical change in quality management. It grew out of and is similar to other ‘quality systems such as W. Edwards Deming’s 14 Points, MIL-Q-9858A, and the Malcolm Baldrige National Quality Award criteria. The ease with which a company implements ISO 9000 standards depends on + Commitment of top management + The quality system already in place (It is good practice to have this assessed by an independent ISO 9000 consultant.) + Scope of the production process (the number of orga- nizations involved, the complexity of functions performed, and the size of the facility) Implementation of the ISO 9000 process is ongoing, and success depends on the process being continuously mon- itored (internally, and less often, extemally) and improved. ‘An important new feature in the ISO 9000-2000 stan- dards is that a company can register as being compliant with the ISO 9000 quality system. For a company with a ‘comprehensive quality system, registration is not diffi ‘cult. There are several strategic reasons why a facility ‘would want to obtain registration as ISO 9000 compliant: + To gain access to particular markets, such as the Euro- pean Community, which requires that suppliers of ‘health products (such as implant devices), children’s products (such as toys that must be safe), and strategic products (such as telecommunications devices) be reg- istered as ISO 9000 compliant. + To keep pace with competing companies who have adopted ISO 9000, Some intemational companies are using ISO 9000 registration as the criterion for choos- ing among potential suppliers. + To get a jump on competing companies that have not adopted ISO 9000. It is better to be proactive than re- active in adopting a new quality paradigm. Companies that assume a proactive stance in obtaining ISO 9000 compliance gain more time in which to do so and con- serve resources, + To reduce the number of company audits by custom- ‘ers. It is expected that ISO 9000 registration will be accepted by customers in lieu oftheir conducting qual- ity audits of a company. + To project a better quality assurance image to custom- crs. Some companies hold information or training sessions to explain to their customers and suppliers the benefits of ISO 9000 registration. 1SO 9000 registration is confirmed by registrars, a group of accredited third-party agents. A review of company documentation and on-site audits of quality processes and outcomes allows registrars to confirm that the com- pany quality system conforms to ISO 9000 and that the company actively uses the system in its daily activities 1SO 9000 registration may be awarded on a company- wide or a facility-only basis. An ISO 9000 seal of approval is provided by the registrars. Registration can be renewed through semiannual visits to the contractor site by registrars of the accredited registra- tion body. During these visits, the registrars review any changes to the aceredited quality system and validate that all corrective actions required during previous visits have been implemented. Auditing plays an important role in determining ISO 9000 compliance. The departments of a company should perform a self-assessment prior to a formal extemal audit. The company should then conduct intemal audits by employees who do not work in the area being audited, Itis recommended that a company next allow a preaudit by an extemal registration agency to determine compli- ance prior to the full audit performed by the external reg- istration agency. ISO publishes “Guidelines for Auditing Systems,” a set of three documents about conducting an 1SO 9000 audit: + ISO 10011-1, “Auditing,” (1990) provides basic audit principles related to all aspects of the quality system audit (from planning the audit to validation of imple- mentation of corrective actions). + ISO 1001-2, “Qualification Criteria for Quality Sys- tems Auditors,” (1991) describes _edueational, experience, training, and other qualifications for qual- ity system auditors. + ISO 1001-3, “Management of Audit Programs,” (1991) provides guidelines for the implementation of an audit. These guidelines represent an intemational consensus concerning the acceptable practices for auditing a quality system, and they may ultimately replace the ISO 9000 requirements on auditing. 1SO 9001 pertains to design, development, production, installation, and servicing of products. It applies to facil: ities that design, manufacture, and service products. It applies to organizations that manufacture products (where the design is performed elsewhere). It applies to organizations that make simple products. It also applies to service organizations. ‘The ISO 9000:1994 series also included ISO 9002:1994, which covered production and installation of products and applied to companies that manufacture products designed elsewhere, and ISO 9003:1994, which covered final verification and test and applied to facilities that manufacture simple products where verification may be determined at the time of inspection. ISO 9002:1994 and 1SO 9003:1994 were discontinued in the ISO 9000:2000 family of standards. Organizations that do not have2. Understanding the ISO 9000 Series design or manufacturing responsibilities, which were previously certified using ISO 9002:1994, must now use 1SO 9001:2000 for centfication. These organizations are allowed to exclude design and manufacturing require- ments in ISO 9001:2000, based on the rules of exception stated in Clause 1.2 “Permissible Exclusions.” The intent is to allow flexibility in designing an audit to a specific ‘company (¢.., to exclude design control requirements in organizations that do not perform design) yet to have ‘only one requirements specification. 2.5. Scope of ISO 9001 Requirements Documents ‘The numbering and section titles of the ISO 9001 Fequirements documents are not the same as those used in the guidance documents ISO 9000 and ISO 9004. 1S0 9001 compliance requires that a comprehensive list of quality policies, processes, and procedures be docu- mented and a full set of records be maintained. Table 2.1 shows a sample list of ISO 9000 required documentation, Table 2.2 provides a sample list of records that must be ‘maintained for ISO 9001 certification. The specific doc. lumentation and records a company maintains should be determined by the company itself. TSO 9001 does not require a specific procedure format, but it does require that all employees who perform a task sign a written document that outlines the procedure he or she followed. Team consensus is more easily achieved ‘when the employee performing the task also writes the Procedure. ISO 9001 also requires that changes to a pro. cedure be reviewed by all employees performing the work. ISO 9001 stresses that maintaining control of the ‘Process and procedure definition and implementation are as important in producing quality products as are more visible tasks such as testing. 2.6. Other ISO 9000 Guideline Documents A number of other ISO 9000 documents provide noncon. ‘actual guidelines for applying contractual requirements ‘0 TSO 9001 registration. In addition, manufacturing or service companies who are not seeking formal registra. tion but who want to implement a quality system pro- gram can follow the procedures prescribed in the appropriate guideline document. 1SO 8402 provides vocabulary related to quality systems, while the ISO 10011 series provides guidelines for con, ducting an ISO 9000 audit. Table 2.3 lists and describes other important guideline documents, Table 2.1. Sample ISO 9000 Required Documentation Policy/Process/Procedure ___Mamt. responsibilty Quality system procedures Quality system Quality manual Quality system Quality plan Quality system Contract requirements Contract review Contractreview Contract review Organbatonal se Grgenizatonl and Design control Design planning Design control Design controf Design control Design input Design control Design - Design control Documentidata control Documentid data control Master listing Decument/data control Purchasing Purchasing an Product identification Product identification and traceability and traceability ‘Work instructions Process control Inspection and testing Inspection and testing Calibration procedures Conta of nepecton ‘measuring, and test equipment Calibration control Control of inspection, ‘measuring, and test equipment Reinspections due to Control of inspection, calibration failure measuring, and test equipment Nonconforming products Contrat ‘of nonconforming Product Review of nonconforming Control of nonconforming Product Product Repair or rework Control of nonconforming procedures. roduct Corrective actions Corrective and preventve - action Preventive actions Corrective and preventive actions Handling, storage, Handling, storage, Packaging, preservation, packaging, preservation, and delivery and delivery . Quality records _ Control of quality records internal augits Internal quality audits Training needs identification Traini ing — Service ‘Servicing Statistical techniques Statistical techniques SSS iota techniques2. Understanding the ISO 9000 Series ‘Table 2.2. Samples of ISO 9001 Required Records Table 2.3. Other ISO Guideline Documents. Applicable ISO 9001 Document Description Records " — oan 180 9000-1 ‘A short introduction to the snagement reviews anagement responsibilty _ QUalitymanagement and ISO 9000 series and en See al setts Quality assurance ‘guidelines on how to apply Contract reviews Contract review standards— the standards. Dekoeies OS Pat 1: Guidotines for Design reviews Design control selection and use. Design verifications. Design control 1S0 9000-2 Guidelines for the Quality management and application of the Design validations Design control Quality assurance contractual requirements in standards— 180 9001. ‘Subcontractor evaluations Purchasing Damaged or lost customer- Control of customer- supplied product supplied product Traceability Prean wentncaasp- Traceability Product identification and Qualified processes, Process control equipment, personne! Inspection and test Inspectiontesting records Urgent product releases _inspectionvtesting Test equipment and Control of inspection, software conformance measuring, test equipment status Reinspection due to Control of inspection, calibration status measuring, est equipment Noneonforming product Control of nonconforming disposition Product {avestigative analysis for Corrective and preventive Corrective action action Procedural changes for Corrective and preventive preventive action action’ Results ofintemal audits Internal quality audits Eee vay avis Training Training ——— 2.7. National Versions of ISO 9000 For reasons of pride and sovereignty, many nations in the industrialized world (including the United States) have developed their own versions of the ISO 9000 standards, The U.S. ISO 9000 standards are referred to as the (20000 standards. In the United Kingdom, the ISO 9000 standards are the BS 5750 standards, and the standards Within the European Community are known as the EN 29000 standards. Some of these versions are identical to 1SO 9000 word for word. Others are functionally equiv- alent but not identical. A partial list of national versions 0f ISO 9000 is provided in Table 2.4 Part 2: Generic guidelines. ‘for application of ISO 9001 —— ee §SO 9004-4 Guidelines for manufactur- Quality management and _ing and service-oriented ‘quality system elements— companies. Part 1: Guidelines Fig. 1 in ISO 9004-1 ilus- trates a manufacturing uality loop that includes all stages of the quality system ‘Note: Manufacturing firms typically have some type of service associated with theit operations. 'So 9004-2 Guidelines written Quality management and specifically for service- quality system elements— oriented companies. Part 2: Guidelines for 10 9004-2 Fig. 3 ilustrates services a service quality loop that includes all stages of the quaiity system. oa 2.8. Concerns About the ISO 9000 Series 2.8.1 Potential for Competing Standards The ISO 9000 series has been written with generality and simplicity in mind so that the standards will apply to all {ypes of large and small companies in different countries, While 180 9000 applies to four product categories, its language refers mainly to the hardware category. Com- panies in sectors other than the hardware category might contemplate a derivative or competing document spe- cific to their industry. 2.8.2 Potential for Nonstandardization The International Organization for Standardization can ‘ot prohibit industries or individual countries from pro- ducing derivative or competing documents. Were ISO 9000 to become tailored for use by industries in different countries, a loss of standardization worldwide would result. Also, if large military and commercial agencies2. Understanding the ISO 9000 Series Table 2.4. National Versions of ISO 9000 Country National Standard Australia SSCASSQODSSS Belgom SSNS Canada __CSAZ209°0—2~2~*~*~*S Denmark DS/EN 2900 France NFX50 Germany DIN ISO 9000 _ Holland NEN TSO 9000 Hungary ___ MI 48990 _ India s=~—<—~sSCSsS TOOTS ireland 1S 300 New Zealand NZS 5600 Norway NS 5801 South Africa SABSO157 Spain TUNE 66900) Sweden ‘55180 9000 United Kingdom 855750 United Si ‘8000 requested tailoring of ISO 9000 to specifically address the needs of their complex systems, there would be a loss of standardization worldwide, 2.8.3 Potential for Lack of Agreement on Expansion of ISO 9000 Series ‘The need to expand the ISO 9000 series to meet the spe- cific needs ofall product categories and all industries has been recognized. However, users agree that despite the deficiencies of the ISO 9000 series, there is a strategic need for quality standardization in the global economy, and they have therefore resisted the proliferation of derivative or competing quality standards. The Intema- tional Organization for Standardization believes small additions and changes to the existing ISO 9000 series can meet the needs of the marketplace while still preserving the simplicity and applicability of the quality standards. 2.9. International Organization for Standardization Response to Concerns The Intemational Organization for Standardization has addressed user concems in contractual situations by sez- ‘menting the ISO 9000 series: + ISO 9001 provides system quality requirements for contractual relationships. + ISO 9004 provides guidelines for implementing and ‘managing a “world class” quality system.3. ISO 9001 Registration 3.1. Introduction ISO 9001 registration, or certification, of a quality sys- tem is granted after a third party has verified that the sys- tem is in compliance with the ISO 9001 standard. ISO 9001 registration is acknowledged in the Dun & Bradstreet report on a company. 1SO 9001 registration confirms that the company has defined, documented, and controlled its Procedures for supplying quality products or services to its customers. ISO 9001 registration of the company should be a by- product of the main goal: improving the quality system. The desire to improve quality should lead to ISO 9001 registration, not the other way around. After obtaining ISO 9001 registration, a company should. ‘expect increased employee involvement with quality and ‘expect quality problems to be largely self-correcting. ‘The process of achieving ISO 9001 registration requires that a facility meet the following qualifications: + Management belief in the benefits of ISO 9001 regis- ‘ration and full commitment through the entire registration process. + Employee commitment to certification through mak- ing employees an important part of the change process and making them aware that the change will improve their work environment. An objective understanding of the current quality sys- ‘em in terms of its component activities and in terms of the roles and actions required of each employee. * A clear and commonly held interpretation built ‘through consensus of what ISO 9001 requires for com- pany compliance. + A plan (with sufficient resources and a reasonable schedule) for improving the processes and procedures not in compliance with ISO 9001. The items listed in Table 3.1 are required of a company applying for ISO 9001 registration. ISO 9001 registration is a dynamic process. The ISO 9001 registration process presented here is only a snap- shot of the true process. It is recommended that a com- pany work with an ISO 9001 consultant in obtaining ISO 9001 registration. 3.2, Caveats ‘When the goal is to achieve ISO 9001 registration rather than to improve quality for the benefit of the organiza- tion, there is a lack of organizational commitment to quality. The achievement of ISO 9001 registration becomes much more difficult. " ‘Table 3.1. Requirements for ISO 9001 Registration Ttem Requirement Quality system “Meets requirements of ISO 9001 Documentation Quality policy Quality manual Detailed processes and procedures Experience Successful operation for at ree ‘months 180 9001 “Accredited to ISO. 9001. SSS registrar Application Formal application SSS Audit ‘Assessment of documentation On-site assessment of quality system Corrective action Eliminate nonconformances Fee Payment of the required fee —— aed ee ‘Steps taken and documented during the ISO 9001 regis- tration process that do not contribute to certification do ‘not result in a finding of nonconformance, Nevertheless, @ company seeking to improve its quality system should identify such unnecessary processes and eliminate them, ‘A quality system that depends on auditing to ensure qual- ity is no better than a quality system that depends on inspection or management review to ensure quality Auditing, inspection, and frequent management review. all represent a sizable drain on the resources of a com. pany. A well-designed and well-implemented quality system should have processes in place to determine and correct deficiencies independent of the audit function, The main goal of audits should be to ensure that the Proper processes for a quality system are in place and functioning. A consultant is not responsible for a company being awarded ISO 9001 registration; this responsibility lies with the company. While a good consultant can facilitate the process, the driving force behind ISO 9001 registra tion must be the employees of the company. The excel- lence of a quality system is not self-evident. It must be communicated to the registrars by the employees of the company. To this end, employees need to be educated and trained in how to answer registrar requests for infor- mation and data. To achieve registration, a company needs to be in com pliance with the individual sections of ISO 9001. How- ever, ISO 9001 is a system quality standard that also depends on how the individual components interface. If the individual components of the quality system do not operate together satisfactorily, a facility can be in com- pliance with cach individual section of the ISO 9001 standard but not in compliance overall.3.1S0 9001 Registration Seldom can one company successfully adapt a quality system from another. Each company has its own unique ‘quality culture and idiosyncrasies. Furthermore, quality assurance employees in a company will be more enthusi- astic about a quality system they have developed rather than one they have simply adapted. However, other ISO {9001 registered companies are a good source of ideas for developing or improving a quality system. Approximately 60 percent of the applications for ISO ‘9001 registration are rejected on the first attempt. Many facilities do not perform the preparatory steps necessary for success. These are the most common deficiencies in ‘quality systems that fai + Procedures for the establishment, review, modifica- tion, validation, and removal of documentation required for ISO 9001 registration are inadequate. + Processes for controlling the design of the product to meet customer performance requirements have not been adequately documented and controlled. + Operations for obtaining proper materials to meet product requirements have not been established and controlled. + Operations for inspection and testing are not carried out in accordance with documented procedures or are not supported by records indicating the status of all product requirements prior to release of the product. + The quality system is not defined, documented, and maintained in a manual. The process for ensuring that a product meets cus- tomer requirements in concert with the documentation and record requirements of ISO 9001 is inadequate. + Test equipment required by the quality system is not adequately calibrated, maintained, reviewed, and controlled. In the United States, there is no sanctioning body of reg- istrars and no minimum set of requirements to become an ISO 9001 registrar. The number of consultants who claim ISO 9001 expertise in the United States exceeds the number of registered companies. Consequently, the ‘amount, quality, and cost of the services provided by a registrar ora registration company in shepherding a com- pany through the ISO 9001 registration process varies widely. Most European Community (EC) nations have accreditation bodies, and some have reciprocal recogni- tion of accreditation with nations outside the EC. How- ‘ever, the EC does not recognize reciprocal accreditation agreements with nations outside the EC for “regulated products” of importance to health, safety, or competitive advantage (e-g., telecommunications products). ‘The registrar or registration company should have a non- disclosure agreement with the company being audited so that sensitive information is protected during the audit. ‘Any organization in the United States can issue ISO 9001 registration stamps. Authority from an extemal governing organization is not required. ‘The American Society for Quality (ASQ) in cooperation . with the American National Standards Institute (ANSI) publishes standards under the title ASQC/ANST Q9000 that are equivalent to the ISO 9000 standards. The Amer- ican Society for Quality Control (ASQC) is an industry trade group and is neither sponsored nor sanctioned by the U.S. government. ‘ASQ operates the Registrar Accreditation Board (RAB), which authorizes United States firms to act as Q9000 registrars. Foreign nations are not obligated to recognize 1SO 9001 registration granted by RAB. It is imperative that a company obtain ISO 9001 registra- tion accepted by the countries in which it does business. For example, the EC mandates that suppliers" products be registered to EN 29001 or EN 29002, as applicable, to be cligible to ship “regulated products” to the EC. Registrar qualifications are provided in ISO 10011-1, ISO 1001-2, and ISO 1011-3. In broad terms, the job of the ISO 9001 registration team is to certify that (1) a company has ISO 9001-compliant documentation in place capable of producing consistent ‘quality products under controlled conditions, and (2) the ‘quality system is functioning in accordance with the quality system documentation, 3.3. ISO 9001 Registration Process Table 3.2 provides an overview of the ISO 9001 registra- tion process. 3.3.1 Getting the Company Ready 1. Employee quality education program: An employee quality education program implemented either through posted signs or more formal training must communicate the quality policy of the company. Quality policy and quality manual: When a formal application is filed with the registration agency, typ- ically the registration team first performs a review of the company’s quality policy and quality manual. It is helpful for a facility to write its quality manual using the same section numbering and content used in ISO 9001. ‘The registrar also reviews the com- pany’s organization chart and the quality roles and responsibilities of each member of the organization. ‘Management must demonstrate evidence of its com- ‘mitment to ISO 9000 implementation. 3. 6.Quality system in place: Specific work processes and procedures must be prepared and reviewed, internal audit process must be in place and functioning well, 123.180 9001 Registration ‘Table 3.2. Overview of the ISO 9001 Registration Process Major Quality Activity 1. Employee quality education program 2. Quality policy and policy manual, 3. Work processes and procedures 4. Intemal audit process 5. Responsibility and authority defined 6. Documentation in place 7. Internal quality assessment 8. Preaudit by registrars 1. Review Quality Policy and Quality Manual 2. Examine training records 3. Review quality education program 4. Set date for company audit 5. Conduct initial meeting 6. Tour the facility 7. Conduct employee interviews 8. Examine management involvement 9. Examine documentation and implementation 10. Examine intemal audit program 11. Examine manufacturing process 12. Examine supplier procurement process 1. Assess documentation 2. Provide initial feedback 3. Identify nonconformances 4, Provide final verbal report 5. Provide formal written report 6. Plan follow-up visits (i required) 1. Quality system evolution 2. Semiannual visits 3, Calibration of intemal audit system Phase Getting the company ready Registration team ‘examination Registration team assessment Maintenance of ISO 9001 registration and employees must understand their responsibilities and authority within the quality system. Also, employees must know where to find quality docu- ‘ments and data pertaining to their jobs and be able to answer external audit questions. At this point, the ‘quality system is in place and ready for an ISO 9001 registration-team audit 7. Internal quality assessment: Many companies con- duct a series of internal quality assessments to ensure that employees understand the quality sys- tem, that all processes used are adequately docu- ‘mented, and that employees are actually following the processes and procedures. Employees have the familiarity with the work to know if a nonconfor- mance is a one-time event or indicative of a more pervasive problem. Successful internal assessments make the job of the registration team much easier, 43 shorten the registration team’s audit ts reduce the number of findings. ie line, and Preaudit by registrars: Many companies ask regis- twars to conduct a preaudit of a company several ‘months prior to initiating a formal ISO 9001 regis- tation audit. This preaudit is a scaled-down version fa full audit and is performed to determine whether the company has the fundamentals of an ISO 9001 quality system in operation. This preaudit helps eliminate first-time application failures. A company should use the same registration agency for the preaudit that wil be used for the full ISO 9001 audit. As long as the agency did not provide guidance on the development of the company’s quality system, there is no conflict of interest in a single agency per- forming the preaudit and the full ISO 9001 aut. 3.3.2 Registration Team Examination 1, Review quality policy and quality manual: When a formal application is filed with the registration agency, typically the registration team first performs areview of the company’s quality policy and quality manual. It is helpful for a company to write its qual- ity manual using the same section numbering and content used in ISO 9001. The registrar also reviews the facility’s organization chart and quality roles and responsibilities of each member of the organization. Examine training records: The registration team examines the training records for cach critical qual- ity task. The company must demonstrate that employees know how to operate the equipment or assemble the product accurately and. safely. Employees at cach stage of the production process ‘must know how to determine if'a product conforms to the requirements. 3. Review quality education program: The registration ‘team looks for confirmation that the company qual- ity policy has been communicated to employees. Set date for company audit: The company may pick the date of the on-site registration team audit, which includes an inspection of the facility along with its quality documentation and records. The company should provide the registration team with a work area from which all relevant quality documents can be accessed. Also, the facility should try to make the registration team feel welcomed to establish a rap- port that enhances communication. Management should help employees understand ahead of time that the registration team is there to improve the quality system and not to assign fault. Anxious employees need to know that it is the quality system that is being audited, not the employees.3.180 9001 Registration The registration team is typically composed of a lead registrar and one or more other registrars, depending on the size of the facility. The lead regis- trar is responsible for relations with the company management. At least one of the registrars should have experience in the type of operation performed at the facility. Registrars must be free of conflict of, interest, and itis the right of the company to ask for the exclusion of any registrar with whom a conflict of interest exists. At many companies, each registrar is escorted by employes who have internal audit ‘experience and are familiar with ISO 9001 certifica- tion. These employees can be useful in explaining both registrar questions to employees and employee answers to registrars. Also, escorts are useful in defusing potential arguments between employees and auditors. . Conduct initial meeting: The registration team usu- ally requests an initial meeting to explain the scope of the audit, the game plan for the audit, and the cri- teria it will use to make the assessment of ISO 9001 compliance. The lead registrar will conduct the meeting, and a large number of people should attend to give the registration team the perception of com- panywide commitment to quality. Escorts and high- level management should definitely attend. . Tour the facility: After the initial meeting, the regis- tration team often requests a tour of the facility to get general impression of the size and layout of the departments. The team looks for signs of the ease with which interfacing departments have access to one other. The team also forms impressions of how well the various departments function, based on the state of array or disarray of the physical space. A registration team will typically spend more time in departments that are in physical disarray, but because they do not have time to examine the entire quality system, they can only spot-check it. As with the review of the company quality manual, the facil- ity tour allows the registration team to make judg- ‘ments on where their time will be best spent. Typically, the registration team holds an initial cau- ccus after the facility tour to firm up team member assignments. Members of the team then caucus reg- ularly to share findings and to request assistance from other members in following up on leads. The extra time spent in caucuses and the results of the ‘caucuses often cause the registration team to alter the schedule. Everyone needs to remain flexible. Conduct employee interviews: The registration team will spend the majority of its time conducting inter- views with employees and reviewing the written 1“ 10. detailed procedures and operating instructions. Some registrars talk to employees first; others look at the detailed procedures first. Registrars verify that employees can state their responsibility and author- ity, explain how their jobs are performed, and pro- duce documented procedures. They also confirm that the procedures described in the documentation are the same as those described by the employees uring interviews, Examine management involvement: The registration team examines management involvement in the def- inition, implementation, and review of the quality system. It examines how well employees have been ‘educated on the quality system, how employee roles and responsibilities are communicated, how resources are allocated, and how training of employ- ees occurs and is recorded. Registrars also look at whether employees have the understanding, resources, and training to perform their jobs, and how management reviews the quality system and ‘ensures problems are unearthed and corrected. Examine documentation and implementation: The critical functions controlling the quality system (eg, internal audits, corrective actions, and docu- mentation updates and changes) are reviewed. The registration team assesses the quality system based ‘on whether cach component of it meets ISO 9001 and whether the components work well together. ‘The company must demonstrate that the quality sys- tem conforms to ISO 9001 both in its documentation and in its everyday implementation. Examine the internal audit system: A quality system compliant with ISO 9001 should be self-correcting (ie, able to uncover deficiencies and correct them) through internal audits conducted by the company, To ensure it will continue to comply with ISO 9001 without frequent external audits, the company must demonstrate that it employs an effective internal corporate audit program, which includes properly documented audit procedures, trained auditors, peri- odie audits, recorded findings, recommended cor- rective actions, and adequate follow-up. The registration team will look at whether intemal audits are performed by employees with direct responsibil- ity for the processes being audited or by employees with no direct responsibility. The registration team examines whether at least one employee trained in the ISO 9001 standards, including ISO 10011 guide- lines, has corporate responsibility for the internal audit program, Management receptiveness to inter- nal audit findings is eritical and is also examined.3.1SO 9001 Registration 11. Examine the manufacturing process: Up to 80 per- Cent ofthe registration teams time is spent looking at the manufacturing process; the other 20 percent is splitamong sales, design engineering, servicing, etc. The team verifies that the product design and the manufactured product match the marketing requests. Italso verifies that the product sold to cus- ‘omers matches the manufactured product (that no unauthorized changes are made at the facility or at the point of sale). Examine supplier procurement process: The regis- ‘ation team visits the material purchasing depart- ‘ment to verify that a supplier procurement process is in place. The team also verifies that employees in Purchasing understand and implement the process of evaluating potential suppliers and obtaining quality materials for the facility. 3.3.3 Registration Team Assessment 1. Assess documentation: Inadequate documentation of design review records, test records, audit records, management review records, and others, is a major reason a high percentage of ISO 9001 registration attempts fail. The registration team assesses whether @ company maintains a policy on which records are to be maintained, as well as how, where, and for how long. Readily available objective evidence must exist that each ISO 9001 requirement has been met. Provide initial feedback: The registration team gen- erally holds a meeting at the end of cach day rather than presenting all of its findings on the final day. This meeting, wherein the lead registrar presents the ‘team’s findings and observations of the team for the day, provides an opportunity for the company to refute the findings. A company can implement cor- ‘eetive actions for minor nonconformances prior to the registration team’s leaving, which makes a good impression on the team. For major nonconfor- manees, the company can plan corrective actions and utilize the expertise of the registration team ‘while it is stil on site to determine Whether the cor- rective actions will lead to compliance. 3. Identify nonconformances: Any nonconformances in the documentation for ISO 9001 found by the reg istration team must be corrected before the registra- tion audit can continue, Registrars are not allowed to ‘suggest corrective actions or provide any guidance to the company. They look at whether the quality system has processes in place to prevent problems from recurring. They examine how the responds to customer complaints, to nonconforming products, and to failure of the company to follow its documented procedures. It is best if a company 12. 15 determines the underlying cause of a problem rather than just treating a symptom (e.g, recalibrating a piece of equipment) Provide a final verbal report: The registration team issues a final verbal report to the company that details the full list of nonconformances found at the end of the previous day. After the findings have been presented, the lead registrar states whether the team recommends the company for ISO 9001 regis- ‘tation. Even if no major nonconformances have been identified, the team may make a determination that a number of minor nonconformances indicate a major deficiency in the company’s quality system, Provide a formal written report: A formal written report from the registration team follows the audit. The acwal ISO 9001 registration is granted when an empowered official of the registration agency ‘accepts the recommendation of the registration team. Some audit teams provide numerical scores, while others provide pass—fail grades. The numeri- cal scores are typically more useful to companies that want to concentrate on improving areas of sig- nificant weakness before improving areas that were marginally deficient. 5 Plan follow-up visits (if required): To confirm cor- eetive actions have been taken, the registration team makes a special reassessment visit to the com- any for major nonconformances but relies on the semiannual surveillance visits for minor nonconfor- mances. When the registration team is satisfied that the major nonconformances have been corrected and the activities are in place to correct the minor ‘nonconformances, a certificate of ISO 9001 registra- tion is issued. Note: A company should not view the agency's decision to deny registration as a failure. The process of defining, documenting, and improving the quality system has tre. mendous inherent value to a company. The company needs to realize that its quality system simply was not yet ready to stand up to an external audit and should redou- bie its efforts to achieve ISO 9001 registration through the implementation of corrective actions that address the findings of the registration team. In this way, the next external audit by the ISO 9001 registration team will be shorter because the registration team will concentrate on the nonconformances. 3.3.4 Maintenance of ISO 9001 Registration 1. Quality system evolution: Most companies manage ‘o maintain their ISO 9001 registration from year to year. However, this is not automatic; it requires some effort. The processes and documentation of a3. 1SO 9001 Registration quality system must evolve as the products and busi- ness environment of the company respond to ‘changes in the marketplace. A company must have » an intemal audit program in place for evaluating each change in its processes to determine whether these changes maintain the company’s ISO 9001 registration. Semiannual visits: To maintain its ISO 9001 regis- tration, a company is required to pay an annual fee and to host two semiannual surveillance visits. These visits are used to + Ensure the company’s quality system continues in ‘compliance with ISO 9001 + Evaluate changes to the company’s quality system + Confirm that corrective actions requested during prior audits have been implemented Calibration of internal audit system: The registra- tion team reports semiannual audits in the same ‘manner as it reports nonconformance findings at the facility. These semiannual external audits can be used by the company to calibrate its internal audit program. However, these audits are not performed at the same level as the initial on-site extemal audit, and they focus mainly on past findings and changes to the quality system. Customer complaints are sometimes investigated at these surveillance visits. ‘Tf a serious complaint has been filed, the scheduled follow-up surveillance visit may be moved up. 3.4. Benefits, Cost, and Schedule for ISO 9001 Registration Table 3.3 provides an overview of the benefits, cost, and schedule for ISO 9001 registration. 3.4.1 Benefits The certificate includes the registrar's mark, the logo of the registrar's accrediting body, and a unique ISO 9001 registration number. A registered company is permitted to use the registration number and logos in official com- pany materials as well as in advertisements. Marketing and sales departments realize that ISO 9001 certification enhances the quality image of a product. However, ISO 9001 registration does not imply produet quality. A company may not put the ISO 9001 registra- tion mark directly on a product, and doing so can cause @ ‘company to have its ISO 9001 registration revoked. The return on investment in ISO 9001 registration is dif- ficult to quantify because an organization derives both tangible and intangible benefits when quality is improved. ISO 9001 registration focuses on customer satisfaction, which can lead to customer loyalty, and acquiring a new customer costs more than keeping an existing one. Also, a customer’s perception of product ‘quality has a much greater impact on the market share enjoyed by a company than does product price. ISO 9001 registration helps provide an image of quality to customers. Many companies report that they realiz the payback on investment in ISO 9001 registration within a few years. 3.4.2 Cost The cost of the ISO 9001 registration varies widely depending on the size of the facility and the scope of the ‘operations at the facility. Generally speaking, the cost for the ISO 9001 registration team runs into the tens of thou- sands of dollars. The cost can run higher when the regis- tration agency is not local and significant travel costs are involved. The overall costs to achieve ISO 9001 registra- tion run into several hundred thousands of dollars, ‘A majority of the cost of achieving ISO 9001 registration is incurred in making corrective actions. ‘Table 3.3. Overview of ISO 9001 Registration Benefits, Cost, and Schedule Benefits Cost Schedule = Company gains license to use regis- - Depends on + Depends on tration number and logos in official Size of facility = Excellence of the quality system company material. ~ Scope of operations. already in place + Increased customer satisfaction Number of corrective actions that - Employee buy-in leads to increased customer loyalty. ‘must be made = Corporate quality culture + Investment in ISO 9001 registration = ‘Typically, costs for the registration ~ Amount of documentation is paid off within a few years. team are in the tens of thousands of required dollars; the overall costs, including Registration can be accomplished ‘making corrective actions, canbe in within a few months. the hundreds of thousands of + Average registration schedule is dollars. about 12 months. 163. 180 9001 Registration 3.4.3 Schedule The schedule to achieve ISO 9001 registration varies depending on the excellence of the quality system in place, the resources allocated, the enthusiasm of the employees, and the unique corporate quality culture. Achieving ISO 9001 registration can be accomplished in. ‘a few months. Preparing the documentation is not the ‘most time-consuming part of the process. Creating awareness of quality at the company —getting people to understand the quality system, to follow the documenta- tion, and to take ownership of their roles in the quality system—takes the most time. The proper question in setting a schedule for ISO 9001 registration is based on the benefit it brings in the mar- ketplace and cost of an accelerated implementation. That is, what is the schedule where the company gains the ‘maximum ratio of benefit of ISO 9001 registration to the cost of implementing ISO 9001? Generally speaking, if a company has a working quality system in place, it can achieve ISO 9001 registration in approximately 12 months; if only a simple system is in place or if there is no system at all, 18 months or more are required. If com- mitment of top management is lacking, registration may take considerably longer. W 3.5. The Malcolm Baldrige National Quality Award vs. ISO 9001 Registration Malcolm Baldrige was the Secretary of Commerce dur- ing the Reagan Administration. During Baldrige’s ten- ure, the Department of Commerce instituted a national quality award and named it after Baldrige. 1SO 9001 registration does not provide a company with total quality management or a world-class quality sys- tem. It does not address continuous process improve- ment. Rather it is an important step in readying a company for applying for the Malcolm Baldrige ‘National Quality Award or in moving a company toward the attainment of a world-class quality system. When awarding a company points for the Baldrige award, it is assumed that a company has its processes under control. For this reason, few points are given in the ‘area of process control. ISO 9001 registration demon- strates that a company has its processes under control. Customer satisfaction and the business results of a com- pany, however, are considered. ISO 9001 registration ‘emphasizes internal processes—design, development, production, inspection, testing, installation, and servic ing—that consistently produce quality products and ‘meet or exceed customer expectations. Increased sales and the profitability of a company are also considered in awarding the Baldrige. In contrast, ISO 9001 has little to say concerning position in the marketplace and sales, However, without a quality image, it is difficult for a company to survive in the global marketplace.4. The Future of ISO 9000 The inevitability of an intemational marketplace guaran- tees the future of ISO 9000, Such a standard provides the common language necessary for successful international business. 4.1. Acceptance of ISO 9000 Factors influencing companies to accept the ISO 9000 standards include their need for * Global competitiveness + Global quality standards + Improved system quality + Reduced production costs + Reduced quality auditing costs The trend in the intemational marketplace is toward more complex products. Such products combine two or more product categories (ie., hardware, software, pro- cessed materials, and services). The ISO 9000 standards address (and any updates to them in the future must address) this trend toward greater complexity and must, be based on three primary objectives: 1 Universality A universal quality standard would eliminate derivative or competing quality standards among countries. To ‘meet this objective a majority of international industries ‘must become ISO 9001 certified. 2. Compatibility between existing and future standards Modifications to ISO 9001 requirements that apply to contractual relationships should be few and limited in scope so that the standards continue to be accepted by customers and suppliers involved in ongoing contracts. Particular attention should be given to maintaining ISO 9001 paragraph numbering when modifying existing standards. 3. Flexibility 1S 9000 standards must remain flexible so they can be easily adapted to the changing marketplace. The trend toward products that combine several of the four ISO 9000 product categories is expected to continue. The result of this trend will be a decreased need for separate documents for product categories. In the ISO 9000:2000 standards, the modified documents include the ISO 9001 requirements document, the accompanying ISO 9000 general guidelines document, and the ISO 9004 guide- lines for the interpretation of ISO 9001. Product-specific quality standards for individual industries, however, will still need to be developed from time to time. 4.2. The Future of Quality Audits Future quality audits will be based solely on ISO 9000 and its updates. There will be no industry-specific qual- ity standards for either internal or independent-third- Party audits that are not based on ISO 9000. Accreditation of auditors will continue to be based on the 1SO 9000 audit standards. Auditors will not be certified for any specific industry; they will be certified to audit any industry. Specific knowledge of the industry will be provided, as required, by the addition of technical experts to the registration team. 4.2.1 Indications of a Bright Future for ISO 9000 The defense industry worldwide has accepted ISO 9000 ‘quality standards, and there are several reasons for a lack of resistance to ISO 9000: + Adoption of the ISO 9000 standards improves global competitiveness: ~ Standards already adopted by NATO ~ Required for bidding on European defense Projects ~ Eases the transition into commercial contracting practices + 180 9000 does not conflict with current quality prac tices in the defense industry. In fact, in 1993, the U.S. Department of Defense (DOD) began allowing the Air Force, Army, and Marines to use 1S 9000 in lieu of traditional military quality standards in their procurements. Addresses the need for improved contractor quality ~ Addresses the need for military contractors to be competitive with the commercial market Addresses the desire of DOD for lower surveil- lance costs * Adoption of ISO 9000 reduces the cost associated with ‘multiple standards, ~ Replaces MIL-Q-9858A Requirements) Replaces MIL-I-45208A (Inspection System Requirements) + In the United States, the National Institute of Stan- dards and Technology, the National Aeronautics and Space Administration, AT&T, and the automobile in- dustry have accepted the ISO 9000 standards. In Britain, agencies such as the British Defense Agency and British Telecom require suppliers to achieve ISO 9000 registration if they want to be among the list of preferred suppliers. (Quality Program4. The Future of iSO 9000 * Some 130 countries have readily accepted all or part of 1S0 9000, and the list grows yearly. + Firms implementing ISO 9000 standards are perceived by customers in the intemational marketplace to have higher-quality products. + Even firms not under competitive pressure are adopt- ing the ISO 9000 quality system, + The U.S. government will eventually sanction an ac- creditation body for U.S. registrars and enter into reciprocal agreements with other nations to recognize ‘mutual ISO 9000 registration. The desire for U.S. companies to remain active and competitive in the in. temational marketplace will be the impetus for the ‘government to act sooner rather than later. + Following a period of slow growth in the European Community, the number of companies registered to 1S 9001 grew about 50 percent per year. Comparable growth is expected in the United States. 4.2.2 Standards Recently Developed or in Development In general, ISO standards are revalidated or revised approximately every five years. ‘The philosophy behind the ISO 9000:2000 standards dif- fers from that of the ISO 9000:1994 standards. The old standards focused on preventing product nonconfor- ‘mance. New standards address the need to demonstrate that products meet requirements and provide customer satisfaction (through the process of continuous improve- ment and prevention of product nonconformance), ‘There are now two industry-specific variants on ISO 9000, both in the transportation sectors: QS9000 for automobiles, sponsored by the Automotive Industry Action Group and AS9001 for aircraft, sponsored by the Society of American Engineers (and endorsed by the European Association of Aerospace Industries in Europe).5. Overview of ISO 9001 Requirements 5.1, Management responsibility 5.1.1 Topics + Management responsibility for stating the corporate quality policy and ensuring that it meets ISO 9001 requirements + Management responsibility for ensuring personnel un- derstand and implement the policy for quality + Definition of roles and responsibilities for quality in job descriptions throughout the organization + Designation of a management representative to ensure that the quality standards are established and defined + Periodic review by management of the effectiveness of the quality policy 5.1.2 Requirements + Define and document the policy for quality. — Must include a commitment to requirements and ‘continuous improvement — Must provide a framework for quality objectives ~ Must be reviewed for continuing suitability on periodic basis + Define measurable quality objectives for all functions atall levels of the organization. + Define and document the responsibility, authority, and the interrelationships of personnel who manage, per- form, and verify the work. + Identify resource requirements and provide adequate resources for management, performance, and verifica- tion of the work affecting quality. Designate resources for particular improvement projects. + Appoint a management representative with “defined authority for ensuring that a quality system is estab- lished, implemented, and maintained” and for reporting on the performance of the quality system. + Demonstrate commitment of top management to the development and improvement of the quality system. + Review the quality system at defined intervals to en- sure its continued suitability and effectiveness. + Management reviews must include actions to improve the quality system and products. + Ensure effective communication about the quality management system. 5.1.3 Notes + The quality policy should be a substantive statement of the fundamental quality values of the company. It should provide the vision and not the implementation. It should be a guide for the more detailed documenta- tion required by ISO 9001. The quality policy for a ‘company is not a frequently modified document. + The quality policy can range from a few sentences to a detailed document. Since management is responsible for stating the quality policy and is required to take ‘ownership, management should drive the final text. + The management representative job need not be a ded- icated full-time position. However, if the management representative has other responsibilities relating to the ‘quality system, his or her impartiality must be unques- tionable and supported by documentation. + The duties of the management representative typically include acting as external liaison with the third-party ISO 9001 registration team. *+ Management is expected 10 continuously improve the ‘quality system by reviewing it at regular intervals and by adjusting it to reflect any significant internal or ex- ‘eral change 5.2. Quality system 5.2.1 Topies + Preparation of a quality manual that incorporates the corporate quality policy at a high level of implementa- tion (including references to specific quality policies for organizations and references to major quality processes) + Preparation of detailed procedures that meet ISO 9001 + Preparation of plan for implementing the quality system 5.2.2 Requirements + Prepare a quality manual covering the requirements of this intemational standard. Any exclusion of ISO 9001 requirements must be identified and justified per Clause 1.2, Permissible Exclusions. + Prepare documented procedures consistent with the re- quirements of this intemational standard and the ‘company’s stated quality policy. The quality system documentation must provide evidence of its suffi- ciency to ensure effective operation and control of the system. + Define and document how the requirements for quality will be met. Plans are required for achieving quality objectives, for measurement and monitoring activities, and for continuous improvement of the quality system. + Update quality system plan when there are significant ‘organizational, process, or product changes. 5.2.3 Notes + ISO 9001 also provides a list of activities a company should consider as part of the documented procedures for meeting the defined quality requirements. + The quality manual should provide a systemic view of how the quality policies of the company fit together to5. Overview of ISO 9001 Requirements achieve quality system. Its format typically mimics the sections of ISO 9001. The quality manual is dy- namic, and it changes as the quality system evolves over time. + A typical ISO 9001 quality manual is fewer than 50 pages, compared with the voluminous quality manuals in use at many companies. An ISO 9001 quality man- tual is not meant to provide detailed procedures. References to major policies and processes are sufficient. 5.3. Contract Review 5.3.1 Topics + Methodology for understanding customer inquiries ‘and meeting customer needs + Methodology for reviewing each contract prior to its acceptance + Methodology for clarifying customer orders. when ‘they are not complete or clear + Methodology for executing amendments and changes to contracts + Maintenance of adequate records of contracts and con: tract reviews 5.3.2 Requirements + Establish and maintain documented procedures for contract review. + Review each contract to assure that the requirements are adequately defined and documented. + Review cach contract to assure that the party to whom the contract is provided has the capability to meet the requirements. + Identify how changes are made to @ contract and how these changes are communicated to the appropriate functions within the organization. + Maintain records of contract reviews. + Determine customer requirements, including those un- specified but required by law or regulatory agencies. 5.3.3 Notes + The company is encouraged to establish formal chan- nels of communication with contracting parties. 5.4. Design control 5.4.1 Topics + Procedures for planning that the design of a product is ‘documented and that the product will meet the require- ‘ments specified by the customer + Procedures for implementation of the design process + Procedures for identifying interfaces and communica- tion methods between the design group and other organizations involved in product design + Procedures for ensuring that the design group receives all applicable customer, intemal, and extemal design requirements + Procedures for performing design reviews with the ‘necessary parties at each stage of the design process + Procedures to ensure that all requirements are met by the produet design (design verification) + Procedures to ensure that the final product meets the ‘customer's requirements in its intended environment (design validation) + Procedures for maintaining quality when design changes are made 5.4.2 Requirements + Establish and maintain documented procedures to en- sure that specified requirements are met. + Prepare and update plans for each design and develop- ment activity, including a description of the activity, responsibility for implementation, and an assignment of qualified personnel with sufficient resources. + Review and document the organizational and data in terfaces between groups involved in the design process. + Review and document design and input requirements for the product, including regulatory or statutory requirements, + Verify and document that the design output meets the design input requirements. + Identify those design characteristies that are critical to the safe and proper use of the product. + Plan, conduct, and document formal reviews of design results with representatives of appropriate functions and other specialists, as required. + Verify and document that the design output meets the input requirements at the appropriate stages of the de- sign process. + Validate that design output meets user requirements. + Design and develop plans for the required review, ver- ification, and validation acti 5.4.3 Notes + Through its role of reviewing plans, detining responsi bility for implementation, and assigning qualified personnel, management is a key player in the design! development process leading to quality output. + Anappropriate method of configuration control for in- put requirements, design and development processes, and documents that define the product is required. + Design review procedures and design verification pro- ‘cedures must be documented, It is not enough just to have the procedures in place. + Design validation is performed after a successful de- sign verification for a product.